Kaspersky Lab brought together company experts and Kaspersky Motorsport drivers to discuss current and future aspects of automotive industry in the region and worldwide. The IT security vendor says since modern cars have become more connected and incorporate intelligent technologies to make them smarter and efficient, the growing risk of a vehicle’s systems being breached makes security a crucial necessity.
Gartner estimates that there will be quarter of a billion connected cars on the roads by 2020. Others suggest that by then around 98% of cars will be connected to the Internet. With each generation, cars incorporate new intelligent technologies for remote diagnostics, telematics and autonomous driving, remote driver assistance and infotainment. Car controls are becoming more and more complex cyber-physical systems with multiple sensors, applications, subnets and communication modules that interact with other vehicles and their environment.
Kaspersky Lab with AVL Software and Functions have recently unveiled a prototype for secure car communications to ensure that connectivity opportunities don’t turn into failures. It demonstrates the possibilities of interference-proof communications between car components, the car and its external connected infrastructure, making connected care secure by design.
According to Kaspersky Lab experts, threats facing the automotive sector over the coming 12 months include:
- Vulnerabilities introduced through lack of manufacturer attention or expertise, combined with competitive pressures. The range of connected mobility services being launched will continue to rise, as will the number of suppliers developing and delivering them. This ever growing supply coupled with a fiercely competitive marketplace could lead to security short cuts or gaps that provide an easy way in for attackers.
- Vulnerabilities introduced through growing product and service complexity. Manufacturers serving the autonomous sector are increasingly focused on delivering multiple interconnected services to customers. Every link is a potential point of weakness that attackers will be quick to seize on. An attacker only needs to find one insecure opening, whether that is peripheral such as a phone Bluetooth or a music download system, and from there they may be able to take control of safety-critical electrical components like the brakes or engine.
- No software code is 100% bug free – and where there are bugs there can be exploits. Vehicles already carry more than 100 million lines of code. This in itself represents a massive attack surface for cybercriminals.
Kaspersky Lab says addressing these risks involves integrating security as standard, by design, focused on different parts of the connected car ecosystem. Defensive software solutions could be installed locally on individual electrical components – for instance, the brakes – to reinforce them against attacks.